hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Add tests for complex CSV flow summaries

Browse Source
This commit is contained in:
Tom Hvitved
2021-06-16 15:25:04 +02:00
parent 0af44a7f94
commit 3f6beaf9df
3 changed files with 284 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.cs Normal file
View File

@@ -0,0 +1,120 @@
using System;
namespace My.Qltest
{
public class D
{
void M1()
{
object arg1 = new object();
Sink(StepArgRes(arg1));
}
void M2()
{
object argIn1 = new object();
object argOut1 = new object();
StepArgArg(argIn1, argOut1);
Sink(argOut1);
}
void M3()
{
object arg2 = new object();
StepArgQual(arg2);
Sink(this);
}
void M4()
{
this.Field = new object();
Sink(this.StepFieldGetter());
}
void M5()
{
this.StepFieldSetter(new object());
Sink(this.Field);
}
void M6()
{
this.Property = new object();
Sink(this.StepPropertyGetter());
}
void M7()
{
this.StepPropertySetter(new object());
Sink(this.Property);
}
void M8()
{
this.StepElementSetter(new object());
Sink(this.StepElementGetter());
}
void M9()
{
Apply<object, object>(o => { Sink(o); return o; }, new object());
}
void M10()
{
var o = Apply<int, object>(_ => new object(), 0);
Sink(o);
}
void M11()
{
var objs = new[] { new object() };
Map(objs, o => { Sink(o); return o; });
}
void M12()
{
var objs = Map(new[] { 0 }, _ => new object());
Sink(objs[0]);
}
void M13()
{
var objs = new[] { new object() };
var objs2 = Map(objs, o => o);
Sink(objs2[0]);
}
object StepArgRes(object x) { return null; }
void StepArgArg(object @in, object @out) { }
void StepArgQual(object x) { }
object StepQualRes() { return null; }
void StepQualArg(object @out) { }
object Field;
object StepFieldGetter() => throw null;
void StepFieldSetter(object value) => throw null;
object Property { get; set; }
object StepPropertyGetter() => throw null;
void StepPropertySetter(object value) => throw null;
object StepElementGetter() => throw null;
void StepElementSetter(object value) => throw null;
static T Apply<S, T>(Func<S, T> f, T t) => throw null;
static S[] Map<S, T>(S[] elements, Func<S, T> f) => throw null;
static void Sink(object o) { }
}
}

117
csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected Normal file
View File

@@ -0,0 +1,117 @@
edges
| ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object |
| ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes |
| ExternalFlow.cs:15:29:15:40 | object creation of type Object : Object | ExternalFlow.cs:17:24:17:29 | access to local variable argIn1 : Object |
| ExternalFlow.cs:16:30:16:41 | object creation of type Object : Object | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 |
| ExternalFlow.cs:17:24:17:29 | access to local variable argIn1 : Object | ExternalFlow.cs:17:32:17:38 | [post] access to local variable argOut1 : Object |
| ExternalFlow.cs:17:32:17:38 | [post] access to local variable argOut1 : Object | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 |
| ExternalFlow.cs:23:27:23:38 | object creation of type Object : Object | ExternalFlow.cs:24:25:24:28 | access to local variable arg2 : Object |
| ExternalFlow.cs:24:13:24:29 | [post] this access : D | ExternalFlow.cs:25:18:25:21 | this access |
| ExternalFlow.cs:24:25:24:28 | access to local variable arg2 : Object | ExternalFlow.cs:24:13:24:29 | [post] this access : D |
| ExternalFlow.cs:30:13:30:16 | [post] this access [field Field] : Object | ExternalFlow.cs:31:18:31:21 | this access [field Field] : Object |
| ExternalFlow.cs:30:26:30:37 | object creation of type Object : Object | ExternalFlow.cs:30:13:30:16 | [post] this access [field Field] : Object |
| ExternalFlow.cs:31:18:31:21 | this access [field Field] : Object | ExternalFlow.cs:31:18:31:39 | call to method StepFieldGetter |
| ExternalFlow.cs:36:13:36:16 | [post] this access [field Field] : Object | ExternalFlow.cs:37:18:37:21 | this access [field Field] : Object |
| ExternalFlow.cs:36:34:36:45 | object creation of type Object : Object | ExternalFlow.cs:36:13:36:16 | [post] this access [field Field] : Object |
| ExternalFlow.cs:37:18:37:21 | this access [field Field] : Object | ExternalFlow.cs:37:18:37:27 | access to field Field |
| ExternalFlow.cs:42:13:42:16 | [post] this access [property Property] : Object | ExternalFlow.cs:43:18:43:21 | this access [property Property] : Object |
| ExternalFlow.cs:42:29:42:40 | object creation of type Object : Object | ExternalFlow.cs:42:13:42:16 | [post] this access [property Property] : Object |
| ExternalFlow.cs:43:18:43:21 | this access [property Property] : Object | ExternalFlow.cs:43:18:43:42 | call to method StepPropertyGetter |
| ExternalFlow.cs:48:13:48:16 | [post] this access [property Property] : Object | ExternalFlow.cs:49:18:49:21 | this access [property Property] : Object |
| ExternalFlow.cs:48:37:48:48 | object creation of type Object : Object | ExternalFlow.cs:48:13:48:16 | [post] this access [property Property] : Object |
| ExternalFlow.cs:49:18:49:21 | this access [property Property] : Object | ExternalFlow.cs:49:18:49:30 | access to property Property |
| ExternalFlow.cs:54:13:54:16 | [post] this access [element] : Object | ExternalFlow.cs:55:18:55:21 | this access [element] : Object |
| ExternalFlow.cs:54:36:54:47 | object creation of type Object : Object | ExternalFlow.cs:54:13:54:16 | [post] this access [element] : Object |
| ExternalFlow.cs:55:18:55:21 | this access [element] : Object | ExternalFlow.cs:55:18:55:41 | call to method StepElementGetter |
| ExternalFlow.cs:60:35:60:35 | o : Object | ExternalFlow.cs:60:47:60:47 | access to parameter o |
| ExternalFlow.cs:60:64:60:75 | object creation of type Object : Object | ExternalFlow.cs:114:46:114:46 | t : Object |
| ExternalFlow.cs:65:21:65:60 | call to method Apply : Object | ExternalFlow.cs:66:18:66:18 | access to local variable o |
| ExternalFlow.cs:65:45:65:56 | object creation of type Object : Object | ExternalFlow.cs:65:21:65:60 | call to method Apply : Object |
| ExternalFlow.cs:71:30:71:45 | { ..., ... } [element] : Object | ExternalFlow.cs:72:17:72:20 | access to local variable objs [element] : Object |
| ExternalFlow.cs:71:32:71:43 | object creation of type Object : Object | ExternalFlow.cs:71:30:71:45 | { ..., ... } [element] : Object |
| ExternalFlow.cs:72:17:72:20 | access to local variable objs [element] : Object | ExternalFlow.cs:116:34:116:41 | elements [element] : Object |
| ExternalFlow.cs:72:23:72:23 | o : Object | ExternalFlow.cs:72:35:72:35 | access to parameter o |
| ExternalFlow.cs:77:24:77:58 | call to method Map [element] : Object | ExternalFlow.cs:78:18:78:21 | access to local variable objs [element] : Object |
| ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | ExternalFlow.cs:77:24:77:58 | call to method Map [element] : Object |
| ExternalFlow.cs:78:18:78:21 | access to local variable objs [element] : Object | ExternalFlow.cs:78:18:78:24 | access to array element : Object |
| ExternalFlow.cs:78:18:78:24 | access to array element : Object | ExternalFlow.cs:78:18:78:24 | (...) ... |
| ExternalFlow.cs:83:30:83:45 | { ..., ... } [element] : Object | ExternalFlow.cs:84:29:84:32 | access to local variable objs [element] : Object |
| ExternalFlow.cs:83:32:83:43 | object creation of type Object : Object | ExternalFlow.cs:83:30:83:45 | { ..., ... } [element] : Object |
| ExternalFlow.cs:84:25:84:41 | call to method Map [element] : Object | ExternalFlow.cs:85:18:85:22 | access to local variable objs2 [element] : Object |
| ExternalFlow.cs:84:29:84:32 | access to local variable objs [element] : Object | ExternalFlow.cs:84:25:84:41 | call to method Map [element] : Object |
| ExternalFlow.cs:85:18:85:22 | access to local variable objs2 [element] : Object | ExternalFlow.cs:85:18:85:25 | access to array element |
| ExternalFlow.cs:114:46:114:46 | t : Object | ExternalFlow.cs:60:35:60:35 | o : Object |
| ExternalFlow.cs:116:34:116:41 | elements [element] : Object | ExternalFlow.cs:72:23:72:23 | o : Object |
nodes
| ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | semmle.label | call to method StepArgRes |
| ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | semmle.label | access to local variable arg1 : Object |
| ExternalFlow.cs:15:29:15:40 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:16:30:16:41 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:17:24:17:29 | access to local variable argIn1 : Object | semmle.label | access to local variable argIn1 : Object |
| ExternalFlow.cs:17:32:17:38 | [post] access to local variable argOut1 : Object | semmle.label | [post] access to local variable argOut1 : Object |
| ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | semmle.label | access to local variable argOut1 |
| ExternalFlow.cs:23:27:23:38 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:24:13:24:29 | [post] this access : D | semmle.label | [post] this access : D |
| ExternalFlow.cs:24:25:24:28 | access to local variable arg2 : Object | semmle.label | access to local variable arg2 : Object |
| ExternalFlow.cs:25:18:25:21 | this access | semmle.label | this access |
| ExternalFlow.cs:30:13:30:16 | [post] this access [field Field] : Object | semmle.label | [post] this access [field Field] : Object |
| ExternalFlow.cs:30:26:30:37 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:31:18:31:21 | this access [field Field] : Object | semmle.label | this access [field Field] : Object |
| ExternalFlow.cs:31:18:31:39 | call to method StepFieldGetter | semmle.label | call to method StepFieldGetter |
| ExternalFlow.cs:36:13:36:16 | [post] this access [field Field] : Object | semmle.label | [post] this access [field Field] : Object |
| ExternalFlow.cs:36:34:36:45 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:37:18:37:21 | this access [field Field] : Object | semmle.label | this access [field Field] : Object |
| ExternalFlow.cs:37:18:37:27 | access to field Field | semmle.label | access to field Field |
| ExternalFlow.cs:42:13:42:16 | [post] this access [property Property] : Object | semmle.label | [post] this access [property Property] : Object |
| ExternalFlow.cs:42:29:42:40 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:43:18:43:21 | this access [property Property] : Object | semmle.label | this access [property Property] : Object |
| ExternalFlow.cs:43:18:43:42 | call to method StepPropertyGetter | semmle.label | call to method StepPropertyGetter |
| ExternalFlow.cs:48:13:48:16 | [post] this access [property Property] : Object | semmle.label | [post] this access [property Property] : Object |
| ExternalFlow.cs:48:37:48:48 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:49:18:49:21 | this access [property Property] : Object | semmle.label | this access [property Property] : Object |
| ExternalFlow.cs:49:18:49:30 | access to property Property | semmle.label | access to property Property |
| ExternalFlow.cs:54:13:54:16 | [post] this access [element] : Object | semmle.label | [post] this access [element] : Object |
| ExternalFlow.cs:54:36:54:47 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:55:18:55:21 | this access [element] : Object | semmle.label | this access [element] : Object |
| ExternalFlow.cs:55:18:55:41 | call to method StepElementGetter | semmle.label | call to method StepElementGetter |
| ExternalFlow.cs:60:35:60:35 | o : Object | semmle.label | o : Object |
| ExternalFlow.cs:60:47:60:47 | access to parameter o | semmle.label | access to parameter o |
| ExternalFlow.cs:60:64:60:75 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:65:21:65:60 | call to method Apply : Object | semmle.label | call to method Apply : Object |
| ExternalFlow.cs:65:45:65:56 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:66:18:66:18 | access to local variable o | semmle.label | access to local variable o |
| ExternalFlow.cs:71:30:71:45 | { ..., ... } [element] : Object | semmle.label | { ..., ... } [element] : Object |
| ExternalFlow.cs:71:32:71:43 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:72:17:72:20 | access to local variable objs [element] : Object | semmle.label | access to local variable objs [element] : Object |
| ExternalFlow.cs:72:23:72:23 | o : Object | semmle.label | o : Object |
| ExternalFlow.cs:72:35:72:35 | access to parameter o | semmle.label | access to parameter o |
| ExternalFlow.cs:77:24:77:58 | call to method Map [element] : Object | semmle.label | call to method Map [element] : Object |
| ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:78:18:78:21 | access to local variable objs [element] : Object | semmle.label | access to local variable objs [element] : Object |
| ExternalFlow.cs:78:18:78:24 | (...) ... | semmle.label | (...) ... |
| ExternalFlow.cs:78:18:78:24 | access to array element : Object | semmle.label | access to array element : Object |
| ExternalFlow.cs:83:30:83:45 | { ..., ... } [element] : Object | semmle.label | { ..., ... } [element] : Object |
| ExternalFlow.cs:83:32:83:43 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:84:25:84:41 | call to method Map [element] : Object | semmle.label | call to method Map [element] : Object |
| ExternalFlow.cs:84:29:84:32 | access to local variable objs [element] : Object | semmle.label | access to local variable objs [element] : Object |
| ExternalFlow.cs:85:18:85:22 | access to local variable objs2 [element] : Object | semmle.label | access to local variable objs2 [element] : Object |
| ExternalFlow.cs:85:18:85:25 | access to array element | semmle.label | access to array element |
| ExternalFlow.cs:114:46:114:46 | t : Object | semmle.label | t : Object |
| ExternalFlow.cs:116:34:116:41 | elements [element] : Object | semmle.label | elements [element] : Object |
invalidModelRow
#select
| ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | $@ | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | ExternalFlow.cs:15:29:15:40 | object creation of type Object : Object | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | $@ | ExternalFlow.cs:15:29:15:40 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | ExternalFlow.cs:16:30:16:41 | object creation of type Object : Object | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | $@ | ExternalFlow.cs:16:30:16:41 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:25:18:25:21 | this access | ExternalFlow.cs:23:27:23:38 | object creation of type Object : Object | ExternalFlow.cs:25:18:25:21 | this access | $@ | ExternalFlow.cs:23:27:23:38 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:31:18:31:39 | call to method StepFieldGetter | ExternalFlow.cs:30:26:30:37 | object creation of type Object : Object | ExternalFlow.cs:31:18:31:39 | call to method StepFieldGetter | $@ | ExternalFlow.cs:30:26:30:37 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:37:18:37:27 | access to field Field | ExternalFlow.cs:36:34:36:45 | object creation of type Object : Object | ExternalFlow.cs:37:18:37:27 | access to field Field | $@ | ExternalFlow.cs:36:34:36:45 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:43:18:43:42 | call to method StepPropertyGetter | ExternalFlow.cs:42:29:42:40 | object creation of type Object : Object | ExternalFlow.cs:43:18:43:42 | call to method StepPropertyGetter | $@ | ExternalFlow.cs:42:29:42:40 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:49:18:49:30 | access to property Property | ExternalFlow.cs:48:37:48:48 | object creation of type Object : Object | ExternalFlow.cs:49:18:49:30 | access to property Property | $@ | ExternalFlow.cs:48:37:48:48 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:55:18:55:41 | call to method StepElementGetter | ExternalFlow.cs:54:36:54:47 | object creation of type Object : Object | ExternalFlow.cs:55:18:55:41 | call to method StepElementGetter | $@ | ExternalFlow.cs:54:36:54:47 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:60:47:60:47 | access to parameter o | ExternalFlow.cs:60:64:60:75 | object creation of type Object : Object | ExternalFlow.cs:60:47:60:47 | access to parameter o | $@ | ExternalFlow.cs:60:64:60:75 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:66:18:66:18 | access to local variable o | ExternalFlow.cs:65:45:65:56 | object creation of type Object : Object | ExternalFlow.cs:66:18:66:18 | access to local variable o | $@ | ExternalFlow.cs:65:45:65:56 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:72:35:72:35 | access to parameter o | ExternalFlow.cs:71:32:71:43 | object creation of type Object : Object | ExternalFlow.cs:72:35:72:35 | access to parameter o | $@ | ExternalFlow.cs:71:32:71:43 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:78:18:78:24 | (...) ... | ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | ExternalFlow.cs:78:18:78:24 | (...) ... | $@ | ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:85:18:85:25 | access to array element | ExternalFlow.cs:83:32:83:43 | object creation of type Object : Object | ExternalFlow.cs:85:18:85:25 | access to array element | $@ | ExternalFlow.cs:83:32:83:43 | object creation of type Object : Object | object creation of type Object : Object |

47
csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ql Normal file
View File

@@ -0,0 +1,47 @@
/**
* @kind path-problem
*/
import csharp
import semmle.code.csharp.dataflow.ExternalFlow
import DataFlow::PathGraph
import CsvValidation
class SummaryModelTest extends SummaryModelCsv {
override predicate row(string row) {
row =
[
//"namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind",
"My.Qltest;D;false;StepArgRes;(System.Object);;Argument[0];ReturnValue;taint",
"My.Qltest;D;false;StepArgArg;(System.Object,System.Object);;Argument[0];Argument[1];taint",
"My.Qltest;D;false;StepArgQual;(System.Object);;Argument[0];Argument[-1];taint",
"My.Qltest;D;false;StepFieldGetter;();;Field[My.Qltest.D.Field] of Argument[-1];ReturnValue;value",
"My.Qltest;D;false;StepFieldSetter;(System.Object);;Argument[0];Field[My.Qltest.D.Field] of Argument[-1];value",
"My.Qltest;D;false;StepPropertyGetter;();;Property[My.Qltest.D.Property] of Argument[-1];ReturnValue;value",
"My.Qltest;D;false;StepPropertySetter;(System.Object);;Argument[0];Property[My.Qltest.D.Property] of Argument[-1];value",
"My.Qltest;D;false;StepElementGetter;();;Element of Argument[-1];ReturnValue;value",
"My.Qltest;D;false;StepElementSetter;(System.Object);;Argument[0];Element of Argument[-1];value",
"My.Qltest;D;false;Apply;(System.Func<My.Qltest.D.Apply.<0>,My.Qltest.D.Apply.<1>>,My.Qltest.D.Apply.<1>);;Argument[1];Parameter[0] of Argument[0];value",
"My.Qltest;D;false;Apply;(System.Func<My.Qltest.D.Apply.<0>,My.Qltest.D.Apply.<1>>,My.Qltest.D.Apply.<1>);;ReturnValue of Argument[0];ReturnValue;value",
"My.Qltest;D;false;Map;(My.Qltest.D.Map.<0>[],System.Func<My.Qltest.D.Map.<0>,My.Qltest.D.Map.<1>>);;Element of Argument[0];Parameter[0] of Argument[1];value",
"My.Qltest;D;false;Map;(My.Qltest.D.Map.<0>[],System.Func<My.Qltest.D.Map.<0>,My.Qltest.D.Map.<1>>);;ReturnValue of Argument[1];Element of ReturnValue;value"
]
}
}
class Conf extends TaintTracking::Configuration {
Conf() { this = "ExternalFlow" }
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ObjectCreation }
override predicate isSink(DataFlow::Node sink) {
exists(MethodCall mc |
mc.getTarget().hasName("Sink") and
mc.getAnArgument() = sink.asExpr()
)
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf
where conf.hasFlowPath(source, sink)
select sink, source, sink, "$@", source, source.toString()